This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
80fd220b-e3b5-4
Explorer
‎2019-11-16 02:16 AM

IPS Attack direction

Hi everyone,
On my checkpoint 80.30 I would like to know, for a generic IPS log, which field tell me the direction of attack, in order to get who is the attacker, the pc or the server. I think that is simple for the checkpoint by looking the direction of the attack signature . Please do not confuse the session TCP/IP direcion with the attack direction.
thanks a lot.
Emi

0 Kudos
4 Replies
Nick_Doropoulos
Advisor
‎2019-11-17 04:57 AM

Hello,

You could use the IPS Security Logs found in sk144192.

I hope this helps.

0 Kudos
emiliano_mastro
Participant
‎2019-11-17 05:22 AM
In response to Nick_Doropoulos

hi nick, thanks for answer, but I had already seen that sk, but there isn't a field for attack direction

0 Kudos
Vladimir
Champion
Champion
‎2019-11-17 05:20 AM

I think that the attacks should be treated as correlated events and not by a single IPS log entry.

Whole point of multi-vector attacks is the difficulty in attribution and necessity of identifying all of their components. 

 

Nick_Doropoulos
Advisor
‎2019-11-17 06:51 AM
In response to Vladimir

I fully agree with your assessment Vladimir!
0 Kudos